8G Firewall
After more than a year of beta testing, 8G Firewall is ready for use on production sites. So you can benefit from the powerful protection provided by the latest evolution of the nG Firewall (aka nG Blacklist). The 8G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. 8G is a lightweight (only 17KB) strong firewall that provides site security and peace of mind. Plus, 8G is open source and 100% free for everyone :)
SetEnvIf instead of mod_rewrite. Learn more and download at GitHub.Contents
About 8G Firewall
The 8G Firewall is a carefully crafted set of security rules for Apache and Nginx servers. It can be applied via your site’s public root .htaccess file, or added via server configuration. Once added, 8G provides powerful server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. It’s a lightweight (only 17KB) strong firewall that improves site security and peace of mind.
8G Firewall builds on 7G, optimizing scope with performance while minimizing false positives. Learn more about nG-series firewall, including 8G and all the details:
Reporting Bugs
As of version 1.3, 8G is out of beta and ready for production sites. Any bugs (false positives) may be reported via my contact form. Or if you have any questions or non-bug-related feedback, you are welcome to leave a comment on this post. Thank you :)
Download 8G Firewall
By downloading 8G, you agree to the terms set forth in the License and Disclaimer. You will find copy of the 8G changelog included in the zip download file. Check out the nG homepage for install steps and complete information.
License & Disclaimer
8G Firewall is open source and 100% free for all. The only requirement is that the following credit lines are included when using 8G (or any of its parts).
# 8G FIREWALL
# https://perishablepress.com/8g-firewall/Other than that, it’s all yours!
Disclaimer
The 8G Firewall is provided “as-is”, with the intention of helping people protect their sites against bad requests and other malicious activity. The code is open and free to use and modify as long as the first two credit lines remain intact. By using this code you assume all risk and responsibility for anything that happens. So use wisely, test thoroughly, and enjoy the benefits of my work :)
Show support
I spend countless hours developing the nG Firewall. I share it freely and openly with the hope that it will help make the Web a more secure place for everyone.
If you benefit from my work with nG Firewall and would like to show support, consider buying one of my books, such as .htaccess made easy. You’ll get a complete guide to .htaccess, exclusive forum access, and a ton of awesome techniques for configuring, optimizing, and securing your site.
Of course, tweets, likes, links, and shares are super helpful and very much appreciated. Your generous support allows me to continue developing the nG Firewall and other awesome resources for the community. Thank you kindly :)
8G Notes
Any 8G-related notes will be added/updated here..
- Only use 7G or 8G, not both
- 8G is modular: each section can be removed/added as desired
- 8G is designed to work flawlessly with WordPress or any other non-WP site
- 8G adds new “HTTP COOKIE” rules
- Please report any strings or user agents that should not be blocked
- Always test well before going live and report any bugs or issues
- Joomla sites: remove “administrator” from Request URI rules
- Other 8G-related notes will be added here..
132 responses to “8G Firewall”
Thank you for your diligence Jeff :)
I’m slow to update to *G from 7G, so I only just tried *G with the add-on.
My flat site look ok but I’m one of the old codgers who still use perl, and both of my perl forms get a 403. These are the two bug urls that provoke the 403;
https://www.example/cgi-bin/search/search.pl
and
https://www.example.com/cgi-bin/zam/zam.pl
Kindly advise where I need to edit the 8G and or Addon code.
Colin
Hi Colin,
Which version of nG Firewall are you testing with that gives you the 403 errors?
I’m using 8G, it’s working fine on my WordPress site, but on my flat-file site it breaks the cgi-bin .pl scripts.
I can try the halving method, if you can’t zone-in on the likely culprit at a glance.
Grep all instances of “cgi” and remove them, would be something to try.
Yes Jeff, I tried removing every cgi line in the 8G code before posting here, but still got a 403 on the urls with perl forms.
Not to worry, I’ll try the halving method and report back when I locate the buggy line.
Yeah halving method should get you there relatively quickly.
Got 8G working now.
I had to remove every instance of cgi and cgi-bin as well as the |pl| and then it worked ok.
I then included the 8G addon code and confirmed my perl scripts work as expected again :)
Glad you got it sorted. This is good information also for anyone else running 8G on sites with CGI/Perl scripts.
Ooo I’m pretty sure I’m the last person still using perl scripts and the cgi-bin.
Call me a sentimental Dodo … but a bloke called John Walker (autoCAD inventor) tailored my contact perl script for me, and it still works perfectly decades later.
Thank you again for your diligence and hard work.
Hi Jeff,
Hope you’re doing well!
As always, many thanks for all of your hard work on the xG firewalls.
I came across a posting by someone about blocking via Sec-Fetch-* headers – something I’m not familiar with.
I’m wondering if you have an opinion… Here’s where I found this…
https://forum.openlitespeed.org/threads/how-to-block-unwanted-traffic-easily-but-effectively-and-without-waf-or-cloudflare.5989/
I haven’t tried it, but just looking at the proposed code there are numerous red flags. My advice would be to test super well over an extended period if you decide to give it a go.
I hope you are doing well too, Ken. Cheers!
It’s great to see another version! This is some impressive htaccess and regex work, wow ;-)
I’ve been using the 7G firewall for my WordPress sites, and I’m glad to see it improving.
Thanks for your hard work; I really appreciate it.
Any plans to add AI Bots, Crawlers, and Scrapers to 8G Firewall? Until then, how can we modifiy your 8G Firewall rule(s) to add them?
Yes I am compiling AI bot names and will be adding them to BBQ Firewall, BBQ Pro, and integrate into nG Firewall. To add your own bots manually, check out the User Agent rules and emulate accordingly.
Thank you!
Hi,
I found that the following line in the .htaccess file:
RewriteRule .* - [F]is blocking some pages of the site’s language versions. For example, this URL:
https://www.mysite.com/pl/feeds/spotting-and-treating-dehydration-in-pets/Some pages return a 403 error, while others remain accessible. For now, I’ve commented out the code (# RewriteRule .* – [F]), and everything is working fine.
Could you please check if this rule is necessary and how best to adjust it? Thank you in advance.
Actually that is the rewrite rule that applies the entire block of rewrite conditions. So by commenting it out, you effectively are disabling everything in that set of rules. Also the URL you mention is not blocked by 8G, as can be verified here. So there must be some other factor(s) interfering somehow.
Your 8G file contains an entry (string) labeled “export”.
This entry is blocking WordPress’ export page (WP Menu > Tools > Export) by displaying a 403 Forbidden page.
We deleted this entry to fix the issue. You may want to consider deleting it from your 8G file. Cheers.
Yep it’s been reported and is on the list for next update, due within the next few weeks if possible.
Awesome. Thank you!
One other thing … since 8G (released) still has some issues, are you going to create a changelog for it? A must have if you’re going to make future backend changes to it. Thank you!
It’s included with the 8G zip file.
Back to my previous comment, I noticed there’s a Changelog embedded in the 8G zip file, but couldn’t find a public changelog link for it.
I would add it here: https://prnt.sc/zjrItspX3hxj
Cheers!
Yeah maybe, thanks for the feedback.
Creating the Changelog link (public link) will save us a lot of time. It will keep users from having to download and inspect the embedded changelog file to find out if they’re using the most-current one.
Another option is add a rev letter to your 8G file link (e.g., 8G.100, 8G.101, 8G.110)
Thank you!
The 8G file entry (string), “administrator”, blocks website pages that contain blogs written and published by the site administrator, and which contain a reference page to the author (i.e., administrator).
Details:
https://prnt.sc/NX43-h3r5fa3
Kindly review and fix the above. Until the, we have deleted the “administrator” entry from your 8G file.
Thank you!